Tor at the Heart: The Tor Project

Throughout the month of December, we've highlighted a few of our fellow travelers on the road to Internet freedom in a series of blog posts titled "Tor at the Heart." We wanted to show some of the many other projects out there and their connection to us. Just like a heart, Tor helps to fortify these projects as they provide Internet freedom around the world.

Technological tools like Tor are often the only way people within those countries can communicate to the outside world.

Tor is also important for those of us lucky enough to live in countries without major censorship events. Journalists use Tor to communicate more safely with whistleblowers and dissidents. Everyday people use Tor to keep their Internet activities concealed from advertisers, ISPs, and web sites. Tor is important for anyone who doesn't want their browsing habits linked to them.

And 2017 is shaping up to be even more intense. We are working to deploy new features, including better mobile connectivity and better visualizations of our data so that others can easily explore and learn from them. We are working to improve the user interface on our website and various apps. And we’re working on better ways to safeguard our users, including sandboxing Tor at the application level and investigating quantum computing.

As we wind down our 2016 end-of-year fundraising campaign, won't you take a minute to contribute a financial donation? Giving is easy, and you'll get the warm glow of knowing that you've done your small part to help someone in an oppressive part of the world be able to get her story out to the rest of us. We'll even throw in a t-shirt and/or other swag, if you choose, so you can show the world how cool you are and that you care about digital freedom.

I cannot send money, so I wonder why you have not posted a list of shops (stations, e.g.) where I could buy something. Have you supporters or contacts in an international area like an airport?
You should improve your blog: sometimes I do not understand why so many people are off-topic or take as reference a person that they do not know, newspapers where they do not work, or subjects which do not concern them.
Happy new year 2017!

I've noticed from time to time I need to kill/end the ongoing tor binary and reboot it to continue my Tor Hidden Service applications connection, perhaps after 3-4 days of continuous operation. I don't see a tor 'restart' command; there must be some automated function, without a bunch of scripted lines, that I can cron to automatically carry this out at least every 12-24hrs on the multiple tor binaries that I have actively running, to help tor keep functional and active.

I really enjoyed the Tor at the Heart series. I learned about a lot of interesting projects and tools I wasn't previously aware of. I also posted comments and received replies from a lot of Tor people, including some I'd never heard from before, and I've been following the blog for a long time now. As a Tor user for probably 8 years or so, that's really important to me.

The FBI lost no time in accusing the Tor community of involvement in the US election hacking, and I urge the Tor media team to reach out to reporters to rebut their claims.

"Grizzly Steppe" is the code name bestowed by DHS/FBI/USCERT upon the two alleged groups of RU-government-sponsored hackers which infiltrated the DNC and DCCC networks. Last Thursday DHS/FBI issued a "Joint Activity Report" in which they allegedly lay out the "evidence" for the attribution of the election hacking to the Russian government. As dozens of cybersecurity experts were quick to point out, the claims turn out to be long on unsupported allegations and short on credible evidence.

you can find a csv file which lists various alleged "indicators" of "Grizzly Steppe" activity, including 877 IP addresses. Of these, 219 correspond to some of the more than 7200 currently active Tor nodes.

To be clear, I don't believe a word of it, and neither should anyone else. That is, I don't doubt that RU may have been involved, but I very much doubt that CSAIL and the operators of the other named nodes were involved.

The fact that DHS/FBI listed more than 200 Tor nodes without any note that they are Tor nodes or any discussion of why that is significant is a pretty good indication of the completely useless nature of their report.

> The attack against U.S. democracy began in the summer of 2015 with a simple trick: Hackers working for Russia’s civilian intelligence service sent e-mails with hidden malware to more than 1,000 people working for the American government and political groups.

> On Thursday, the Department of Homeland Security and the FBI released a joint report about Russian cyberattacks, titled “Grizzly Steppe.” The report had been expected to lay out more details about intelligence agency’s claims that the Russian government was directly linked to hacks on the DNC and other organizations, but security experts have expressed broad disappointment with the report.

> After the U.S. government published a report on Russia’s cyber attacks against the U.S. election system, and included a list of computers that were allegedly used by Russian hackers, I became curious if any of these hackers had visited my personal blog. The U.S. report, which boasted of including “technical details regarding the tools and infrastructure used by Russian civilian and military intelligence services,” came with a list of 876 suspicious IP addresses used by the hackers, and these addresses were the clues I needed to, in the end, understand a gaping weakness in the report.

> Two days before New Years, something interesting happened in the world of cyber security. The Department of Homeland Security released a report on hacking activities by Russian Intelligence Services related to activities against the U.S. Government. The report was somewhat interesting, however DHS also released a set of indicators in a .csv file with 956 lines of data. As the CEO of a new cyber security startup focused on using data in smarter, more interesting ways, this data tugged and pulled at me in a way that I did not expect. Over the next two days, in between (and through) family events, football games, dogs grabbing food off of the counters, I sat on a stool in my in-law’s kitchen and tuned out the world. There was something about this analysis that I could not ignore.

Among the 876 IPs listed in the faulty JAR (Joint Activity Report): various entities found

The minor discrepancies probably come from the fact that there are several distinct lists of all currently active Tor nodes, but the best procedure would be to use a list of all IPs used by Tor nodes during the past year straight from TP.

Again, just to be clear: I don't doubt that RU intelligence has planted APTs deep inside all manner of US networks, including those used by politicians, or that FSB/GRU frequently leaks damaging information about government officials in hopes of influencing elections or destabilizing "adversary nations". They would only be following the lead of USIC: the very first CIA mission involved bribing Italian politicians and rigging elections to prevent the election of Communists (this happened even before CIA was officially created). By the 1980s, CIA had spent hundreds of millions influencing elections in that one country (Italy) alone. Its other election influencing exploits including founding the leading political party in Japan, and preventing certain candidates from winning popular landslides in countries from Malaysia to Chile over much of the past six decades. So Putin is not wrong to wryly declare that USG is in no position to complain about another country successfully altering the outcome of US elections.

More links to experts who dismiss the amateurish JAR "evidence", which casts more doubt upon the ability of USIC to provide useful intelligence analysis:

> ...the only remarkable thing about the hacking of the DNC is that the people responsible for protecting those systems somehow didn’t expect to be constantly targeted with email-based malware attacks. Lest anyone think perhaps the Republicans were better at anticipating such attacks, the FBI notified the Illinois Republican Party in June 2016 that some of its email accounts may have been hacked by the same group. The New York Times has reported that Russian hackers also broke into the DNC’s GOP counterpart — the Republican National Committee — but chose to release documents only on the Democrats.

> Talk about disappointments. The US government's much-anticipated analysis of Russian-sponsored hacking operations provides almost none of the promised evidence linking them to breaches that the Obama administration claims were orchestrated in an attempt to interfere with the 2016 presidential election.

> The hyped — and quickly deflated — news reports alleging Kremlin-backed hacking of the U.S. electric grid via a Vermont power company have stoked fears among cyber specialists that a flurry of false accusations against Russia will follow, as U.S. companies respond to the administration's request that they search for possible Russian-linked cyberattacks on their systems. And those easily debunked tales could sow doubts about all hacking allegations against Russia — undermining the administration's arguments that it has solid evidence Vladimir Putin's regime used digital mischief to interfere in the 2016 presidential election.

Another widely reported story which turns out to have been very misleading was the claim that "known RU malware" had been found to be infecting Burlington Electric's power delivery grid; in fact, someone who works there found probably not-state-sponsored malware on a work laptop (not a SCADA device) and panicked:

> Russian hackers do not appear to be behind an attack on a Vermont electric utility, reports the Washington Post, citing officials close to the investigation of a potential activity first reported by the Post last week. The report at least temporarily puts to bed a news story that rankled many in the security community — including the most fervent believers that the Democratic National Committee was hacked by the Russians — and underlines problems many have with a joint Homeland Security, Director of National Intelligence and FBI report released last week.

One intriguing story late last year which had a similar flavor: the Secretary of State of one US state noticed a port scan of her networks from a purported DHS address and immediately publicly accused the USG of trying to hack the state election system. This is intriguing because it shows how close the USA is to doing a USSR and simply dissolving itself in mutual fear and loathing, and also because it shows just how clueless most government officials really are.

Another important point about the debunking of the Burlington Electric story: in contrast to the Vermont power grid, it is a well documented fact that RU state-sponsored hackers have indeed hacked into the Ukraine power grid and actually turned off power to large areas of cities such as Kiev. The RU hackers no doubt exploited the fact that major Russian cities (such as Moscow) have bought "smart meter" systems from Landis+Gyr, which also built the Kiev system. So they have access to the same infrastructure and to the user manuals. Many large US cities have also bought "smart meter" systems from Landis+Gyr, so it would be foolish to doubt that RU state-sponsored hackers have the capability to damage the US power delivery grid, because they have already demonstrated that capability in very similar systems overseas.

We can expect that many more explosive allegations about alleged RU (or CN or IR or KP) hacking into US networks--- heavily slanted to suit various political agendas--- will appear in the coming year. Wary Tor users will need to interpret these carefully, because many of them will no doubt be mangled and misleading, yet may contain a kernel of truth which we would ignore at our peril. Further, we will need to stand together and firmly oppose attempts by our political enemies inside the USG to promote the view that "Tor is used only by enemies of the USA", which is patently absurd. Quite the contrary: no entity needs to adopt onion services on a massive scale more than the USG, in order to better protect the security/privacy of data in motion and data at rest. Making this case to someone like John McCain might be difficult, but we need to try.

Can someone explain to me how I can install the add-on "image picker" when using Tor Browser Bundle?

I want to install an image downloader add-on to load legal pics. I know add-ons can compromise safety and reveal the real IP, but the risk isn't nearly as high as with plugins, as I read. Should the add-on compromise my safety, I'm downloading legal stuff anyway. I just feel more comfortable with the Tor Browser surfing on certain topics, also regarding fingerprinting etc.

The thing is, Tor Browser Bundle doesn't allow me to install the add-on, because Tor Browser "can't modify the needed file" when trying to install it from the add-on page. Who knows how to solve that problem?

> Cybersecurity is a pressing issue facing healthcare organizations, as hackers get smarter and continue to expand their attacks on the industry. Most healthcare leaders are keeping patient privacy top of mind, and are looking for ways to improve their security posture.

The keynote speaker this year is former NSA lawyer Joel Brenner. I hope that next year the keynote speaker should be Shari or Roger.

To mention just three examples of problems I think Tor could help solve:

o it is currently standard practice for health providers, health plans and federal agencies to share individual personal medical records via unencrypted fax transmissions, but Tahoe-LAFS could be a better way,

o OnionShare might be well suited for sharing of such files in an ad hoc manner as the need arises, for example when a patient requests a copy of his/her own medical record,

o HHS is pushing providers and plans to offer third party "researchers" easy access to the "anonymized" personal medical records of all patients, or at least all in some large group; here too Onionshare could perhaps help.

The recent "Joint Action Report" by DHS and ODNI on the so-called "Grizzly Steppe" alleged RU-government-sponsored hacking campaigns (at least two distinct campaigns) accuses more than 200 currently active Tor nodes, including the CSAIL node--- which is ironic, considering that Joel Brenner is currently an MIT adjunct--- of being involved in "Grizzly Steppe" cyberespionage.

Currently, it seems that USG "cybersecurity experts" are promoting the view that Tor is a big part of the secure/anonymous data sharing problems facing the enormous healthcare industry, when Tor Project should be explaining that Tor could be part of the solution.

Sebastian Hahn mail at sebastianhahn.net
Tue Dec 20 13:40:53 UTC 2016
Hi,
> On 20 Dec 2016, at 14:37, fatal wrote:
> an early version of the fahrplan for 33c3 is released¹ (btw. also the
> 33c3 app on f-droid is already available).
>
> I couldn't find any talks from the tor-project yet, but maybe I've
> overlooked them? Will there be any?
>
> And will there be a tor relay operators meetup?
>
> Thanks
>
> f.
>
> ¹ https://fahrplan.events.ccc.de/congress/2016/Fahrplan/

CCC has opted not to accept any talks by Tor this year, but there
will be Tor people there. Someone might organize a relay operators
meetup.
Cheers
Sebastian

Remember the story from Jul 2014 which revealed (via a Snowden leak) that NSA uses XKEYSCORE to track every IP address which connects to a Tor Directory Authority? (That is currently necessary to connect to the Tor network.)

At the time, Propublica's star reporters Julia Angwin and Jeff Larson noted NSA's attempt to blunt the PR impact of that revelation:

https://www.propub3r6espa33w.onion/article/heres-one-way-to-land-on-the…
Here’s One Way to Land on the NSA’s Watch List
If you downloaded the privacy software Tor in 2011, you may have been flagged to be spied on.
Julia Angwin and Mike Tigas
ProPublica
9 Jul 2014
> ...
> In response to the Tor news, the NSA said it is following President Obama's January directive to not conduct surveillance for the purpose of "suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion."

So NSA was claiming they can simultaneously avoid

o over-representing members of any ethnic/racial/etc group in XKEYSCORE "hits"

o increased personal consequences for blacklisting for members of any ethnic/racial/etc group.

But it turns out that this claim is mathematically impossible! See

https://www.propub3r6espa33w.onion/article/bias-in-criminal-risk-scores…
Bias in Criminal Risk Scores Is Mathematically Inevitable, Researchers Say
ProPublica’s analysis of bias against black defendants in criminal risk scores has prompted research showing that the disparity can be addressed — if the algorithms focus on the fairness of outcomes.
Julia Angwin and Jeff Larson
ProPublica
30 Dec 2016

> The racial bias that ProPublica found in a formula used by courts and parole boards to forecast future criminal behavior arises inevitably from the test’s design, according to new research. The findings were described in scholarly papers published or circulated over the past several months. Taken together, they represent the most far-reaching critique to date of the fairness of algorithms that seek to provide an objective measure of the likelihood a defendant will commit further crimes.
>
> Increasingly, criminal justice officials are using similar risk prediction equations to inform their decisions about bail, sentencing and early release. The researchers found that the formula, and others like it, have been written in a way that guarantees black defendants will be inaccurately identified as future criminals more often than their white counterparts.
> ...
> The problem, several [of the researchers] said in interviews, arises from the characteristic that criminologists have used as the cornerstone for creating fair algorithms, which is that formula must generate equally accurate forecasts for all racial groups. The researchers found that an algorithm crafted to achieve that goal, known as “predictive parity,” inevitably leads to disparities in what sorts of people are incorrectly classified as high risk when two groups have different arrest rates.

This article is part of a series which IMO *every* Tor user should read (because it so brilliantly explains why Everyman needs Tor):

(In case anyone is worried, I like the way you think, but the onion is Propublica's official onion services mirror of their un-Torified website propublica.org. Propublica also uses SecureDrop, another software highlighted in the "Tor at the Heart" series.)

As I understand, due to fundamental design choices made years ago when http was first created, this is not possible, at least not yet, at least not unless the entire world changes how it does things.

As I understand, the best Tor Project can do right now is to urge operators of websites with content which may be dangerous for some people, such as human rights organizations, to adopt onion services. This won't entirely hide the metadata which concerns you, but it can possibly make it much harder for "security forces" to deduce that person X may be visiting site Y.

As everyone here will recall, FBI has apparently used its NIT malware to attack all onion services, on the assumption that "anyone using an onion service must be up to no good" [sic]. In LEA circles, this principle is called "consciousness of guilt": Informally: "anyone trying to keep anything private must be up to no good" [sic].

FBI claimed that its targets were child pron producers/consumers. We claimed that this is and has always been a PR ploy, that FBI's real targets are political dissidents who use Tor.

And when a court ruled that the defense in the Playpen case must be able to inspect the NIT, FBI tacitly admitted that we are correct: it let the defendant walk rather than disclose the NIT:

> The FBI has decided to let one of its Playpen defendants walk rather than turn over information on its Network Investigative Technique. The NIT, deployed all over the world on the back of a single warrant obtained in Virginia, unmasked Tor users by dropping code on Playpen visitors' computers that sent back IP addresses and other information about the user's computer. The warrant itself has been ruled invalid by a number of judges presiding over Playpen prosecutions, although not all of them have determined that the evidence obtained by the NIT should be suppressed. The FBI not only sent malware to site visitors, but it also ran (and possibly improved) the child porn website for two weeks while pursuing its investigation.... [FBI] could have voluntarily turned over information to Michaud's defense lawyer for examination, but has chosen instead to let Michaud go free.

IOW, FBI is exhibiting "consciousness of guilt". Confronted with a question which would have revealed a dirty truth, it took the Fifth.

The Retroshare project, which is a globally active networked community of users and developers, has been in place for a decade. Over two years ago the community project added client tor socks5 proxy direct ability and followed that by Retroshare Hidden Nodes routed via tor as a Hidden Service.

Many thousands of Retroshare users are now using and embracing Tor to ensure their privacy, security and in many cases their anonymity. Businesses, activists and many citizens in various conflict zones around the world are among well established ardent Retroshare users.

A Wiki blog I wrote specifically to help new users set up and route Retroshare regular nodes as a socks5 proxy client, as well as Retroshare hidden nodes operating as a tor routed hidden service, has been well received and has resulted in an avid group of Retroshare users who use and love the Tor Project.

To better facilitate their interest I created the Tor Chat lobby inside Retroshare, The Tor Forum and Retroshare tor users Retroshare public key exchange forum to further help expand that group of Retroshare users.

I'm interested in working on a Tor at the Heart of Retroshare Blog post. Who would I contact to help make that happen?

1 Is there any plan to cooperate and incorporate the LEAP.VPN project into tor or other openVPN in a box for dummies packaging? Suspecting the route from user to tor-bridge is problematic and unencrypted wouldn't using a vpn for tor to connect be better?

2 Is adding a dictionary-speller into the tor-browser a security issue? Is using a system speller over tor-browser better than a firefox add-on?

Re 1): No.
Re 2): Adding add-ons to Tor Browser we don't ship is both a potential security issue and a potential fingerprintability problem which is why we are discouraging it. I have not looked at dictionaries in particular but I bet they have at least an update mechanism that is pinging regularly home.

Some users have urged Tor Project to relocate outside of the USA. Instead TP moved (it seems) from Cambridge, MA to Seattle, WA. But by and by this may effect the desired change, because the West Coast states are moving towards leaving the USA, possibly to form a new country combining several states (for example, Washington, Oregon, California, and some other former US states and Canadian provinces are discussing forming a new nation which might be called Cascadia or Pacifica).

Washington state alone would immediately become the foremost nuclear power in the world if it left, so such a move would have all kinds of economic and political implications.

As noted earlier in the comments on another post in this blog, independency is increasingly viewed as an appropriate move by the citizenry of West Coast states, e.g.:

> More Californians are now hoping their state secedes from the United States, a new poll shows. About 32 percent of Californians want to create their own country, a new Reuters/Ipsos poll found, including many Democrats who are frustrated with President Trump’s win. Pollsters surveyed 500 Californians between Dec. 6 and Jan. 19.

For comparison, scholars of the First American Revolution generally agree that the number of colonial citizens who favored independency was about 20%.

Recent Updates

Hi! There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.3.2-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release some time in February.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.3.3.2-alpha is the second alpha in the 0.3.3.x series. It introduces a mechanism to handle the high loads that many relay operators have been reporting recently. It also fixes several bugs in older releases. If this new code proves reliable, we plan to backport it to older supported release series.

Changes in version 0.3.3.2-alpha - 2018-02-10

Major features (denial-of-service mitigation):

Give relays some defenses against the recent network overload. We start with three defenses (default parameters in parentheses). First: if a single client address makes too many concurrent connections (>100), hang up on further connections. Second: if a single client address makes circuits too quickly (more than 3 per second, with an allowed burst of 90) while also having too many connections open (3), refuse new create cells for the next while (1-2 hours). Third: if a client asks to establish a rendezvous point to you directly, ignore the request. These defenses can be manually controlled by new torrc options, but relays will also take guidance from consensus parameters, so there's no need to configure anything manually. Implements ticket 24902.
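The three defenses described above, modelled as a small per-address state machine in C. This is an added example, not code from Tor or from the release notes: `client_t` and all function names are hypothetical, and it assumes that "too many connections open (3)" means at least 3 and that the refusal period is 3600 seconds plus caller-supplied jitter of up to one more hour.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Defaults quoted in the release notes above. */
#define MAX_CONCURRENT_CONNS 100u  /* more than this per address: hang up */
#define CIRC_RATE_PER_SEC      3u  /* sustained circuit-creation rate */
#define CIRC_BURST            90u  /* allowed burst (token bucket size) */
#define CIRC_MIN_CONNS         3u  /* assumption: "too many" means >= 3 open */
#define REFUSE_SECS_MIN     3600u  /* refusal lasts "1-2 hours" */
#define REFUSE_SECS_SPREAD  3600u

/* Hypothetical per-client-address state; not Tor's own structure. */
typedef struct {
    unsigned conns;         /* concurrent connections from this address */
    uint64_t tokens;        /* circuit-creation tokens left in the bucket */
    uint64_t last_refill;   /* time of last refill, in seconds */
    uint64_t refuse_until;  /* create cells are refused before this time */
} client_t;

void client_init(client_t *c, uint64_t now) {
    c->conns = 0;
    c->tokens = CIRC_BURST;
    c->last_refill = now;
    c->refuse_until = 0;
}

/* Defense 1: returns false when the relay should hang up. */
bool on_new_connection(client_t *c) {
    if (c->conns >= MAX_CONCURRENT_CONNS)
        return false;
    c->conns++;
    return true;
}

/* Defense 2: returns false when the create cell should be refused.
 * jitter is caller-supplied randomness, so the model stays deterministic. */
bool on_create_cell(client_t *c, uint64_t now, uint32_t jitter) {
    if (now < c->refuse_until)
        return false;
    uint64_t tokens = c->tokens + (now - c->last_refill) * CIRC_RATE_PER_SEC;
    c->tokens = tokens > CIRC_BURST ? CIRC_BURST : tokens;
    c->last_refill = now;
    if (c->tokens > 0) {
        c->tokens--;
        return true;
    }
    if (c->conns < CIRC_MIN_CONNS)
        return true;  /* fast, but too few connections to be flagged */
    c->refuse_until = now + REFUSE_SECS_MIN + jitter % (REFUSE_SECS_SPREAD + 1);
    return false;
}

/* Defense 3: a request to establish a rendezvous point that comes
 * directly from a client is ignored; returns true if it is handled. */
bool on_establish_rendezvous(bool directly_from_client) {
    return !directly_from_client;
}

/* Sends `cells` create cells within one second from an address holding
 * `conns` connections; returns how many of them were accepted. */
unsigned burst_accepted(client_t *c, unsigned conns, unsigned cells, uint64_t now) {
    unsigned ok = 0;
    client_init(c, now);
    for (unsigned i = 0; i < conns; i++) on_new_connection(c);
    for (unsigned i = 0; i < cells; i++) ok += on_create_cell(c, now, 0);
    return ok;
}

int main(void) {
    client_t c;
    printf("3 conns, 200 cells: %u accepted\n", burst_accepted(&c, 3, 200, 1000));
    printf("still refused after 3599s: %d\n", !on_create_cell(&c, 1000 + 3599, 0));
    printf("accepted again after 3600s: %d\n", on_create_cell(&c, 1000 + 3600, 0));
    return 0;
}
```

The model shows why the burst allowance matters for operators reading their logs: an address with three connections gets exactly 90 circuits through before the first refusal, and every create cell after that is dropped until the refusal window ends, regardless of how slowly it then sends.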

Major bugfixes (netflow padding):

Stop adding unneeded channel padding right after we finish flushing to a connection that has been trying to flush for many seconds. Instead, treat all partial or complete flushes as activity on the channel, which will defer the time until we need to add padding. This fix should resolve confusing and scary log messages like "Channel padding timeout scheduled 221453ms in the past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.